CVE-2023-1168 : An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitat

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.

Published 2023-03-22 06:15:09

Updated 2023-03-29 13:19:01

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2023-1168

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-1168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	Hewlett Packard Enterprise (HPE)
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-1168

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt

Vendor Advisory

Products affected by CVE-2023-1168

HPE » Arubaos-cx
Versions from including (>=) 10.10.0000 and before (<) 10.10.1030
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Matching versions
When used together with: HPE » Aruba Cx 10000-48y6 » Version: N/A
When used together with: HPE » Aruba Cx 6200f 48g » Version: N/A
When used together with: HPE » Aruba Cx 6200m 24g » Version: N/A
When used together with: HPE » Aruba Cx 6300m 24p » Version: N/A
When used together with: HPE » Aruba Cx 6300m 48g » Version: N/A
When used together with: HPE » Aruba Cx 6405 » Version: N/A
When used together with: HPE » Aruba Cx 6410 » Version: N/A
When used together with: HPE » Aruba Cx 8320-32 » Version: N/A
When used together with: HPE » Aruba Cx 8320-48p » Version: N/A
When used together with: HPE » Aruba Cx 8325-32c » Version: N/A
When used together with: HPE » Aruba Cx 8325-48y8c » Version: N/A
When used together with: HPE » Aruba Cx 8360-12c » Version: N/A
When used together with: HPE » Aruba Cx 8360-16y2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-24xf2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-32y4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48xt4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48y6c » Version: N/A
When used together with: HPE » Aruba Cx 8400 » Version: N/A
When used together with: HPE » Aruba Cx 9300 32d » Version: N/A
HPE » Arubaos-cx
Versions from including (>=) 10.08.0000 and up to, including, (<=) 10.08.1070
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Matching versions
When used together with: HPE » Aruba Cx 10000-48y6 » Version: N/A
When used together with: HPE » Aruba Cx 6200f 48g » Version: N/A
When used together with: HPE » Aruba Cx 6200m 24g » Version: N/A
When used together with: HPE » Aruba Cx 6300m 24p » Version: N/A
When used together with: HPE » Aruba Cx 6300m 48g » Version: N/A
When used together with: HPE » Aruba Cx 6405 » Version: N/A
When used together with: HPE » Aruba Cx 6410 » Version: N/A
When used together with: HPE » Aruba Cx 8320-32 » Version: N/A
When used together with: HPE » Aruba Cx 8320-48p » Version: N/A
When used together with: HPE » Aruba Cx 8325-32c » Version: N/A
When used together with: HPE » Aruba Cx 8325-48y8c » Version: N/A
When used together with: HPE » Aruba Cx 8360-12c » Version: N/A
When used together with: HPE » Aruba Cx 8360-16y2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-24xf2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-32y4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48xt4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48y6c » Version: N/A
When used together with: HPE » Aruba Cx 8400 » Version: N/A
When used together with: HPE » Aruba Cx 9300 32d » Version: N/A
HPE » Arubaos-cx
Versions from including (>=) 10.09.0000 and up to, including, (<=) 10.09.1020
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Matching versions
When used together with: HPE » Aruba Cx 10000-48y6 » Version: N/A
When used together with: HPE » Aruba Cx 6200f 48g » Version: N/A
When used together with: HPE » Aruba Cx 6200m 24g » Version: N/A
When used together with: HPE » Aruba Cx 6300m 24p » Version: N/A
When used together with: HPE » Aruba Cx 6300m 48g » Version: N/A
When used together with: HPE » Aruba Cx 6405 » Version: N/A
When used together with: HPE » Aruba Cx 6410 » Version: N/A
When used together with: HPE » Aruba Cx 8320-32 » Version: N/A
When used together with: HPE » Aruba Cx 8320-48p » Version: N/A
When used together with: HPE » Aruba Cx 8325-32c » Version: N/A
When used together with: HPE » Aruba Cx 8325-48y8c » Version: N/A
When used together with: HPE » Aruba Cx 8360-12c » Version: N/A
When used together with: HPE » Aruba Cx 8360-16y2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-24xf2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-32y4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48xt4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48y6c » Version: N/A
When used together with: HPE » Aruba Cx 8400 » Version: N/A
When used together with: HPE » Aruba Cx 9300 32d » Version: N/A
HPE » Arubaos-cx
Versions from including (>=) 10.06.0000 and before (<) 10.06.0240
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Matching versions
When used together with: HPE » Aruba Cx 10000-48y6 » Version: N/A
When used together with: HPE » Aruba Cx 6200f 48g » Version: N/A
When used together with: HPE » Aruba Cx 6200m 24g » Version: N/A
When used together with: HPE » Aruba Cx 6300m 24p » Version: N/A
When used together with: HPE » Aruba Cx 6300m 48g » Version: N/A
When used together with: HPE » Aruba Cx 6405 » Version: N/A
When used together with: HPE » Aruba Cx 6410 » Version: N/A
When used together with: HPE » Aruba Cx 8320-32 » Version: N/A
When used together with: HPE » Aruba Cx 8320-48p » Version: N/A
When used together with: HPE » Aruba Cx 8325-32c » Version: N/A
When used together with: HPE » Aruba Cx 8325-48y8c » Version: N/A
When used together with: HPE » Aruba Cx 8360-12c » Version: N/A
When used together with: HPE » Aruba Cx 8360-16y2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-24xf2c » Version: N/A
When used together with: HPE » Aruba Cx 8360-32y4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48xt4c » Version: N/A
When used together with: HPE » Aruba Cx 8360-48y6c » Version: N/A
When used together with: HPE » Aruba Cx 8400 » Version: N/A
When used together with: HPE » Aruba Cx 9300 32d » Version: N/A

Vulnerability Details : CVE-2023-1168

Exploit prediction scoring system (EPSS) score for CVE-2023-1168

CVSS scores for CVE-2023-1168

References for CVE-2023-1168

Products affected by CVE-2023-1168